Coverage Report

Created: 2023-06-07 07:24

/src/openssl/crypto/evp/exchange.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9
10
#include <openssl/crypto.h>
11
#include <openssl/evp.h>
12
#include <openssl/err.h>
13
#include "internal/cryptlib.h"
14
#include "internal/refcount.h"
15
#include "internal/provider.h"
16
#include "internal/core.h"
17
#include "internal/numbers.h"   /* includes SIZE_MAX */
18
#include "crypto/evp.h"
19
#include "evp_local.h"
20
21
static EVP_KEYEXCH *evp_keyexch_new(OSSL_PROVIDER *prov)
22
0
{
23
0
    EVP_KEYEXCH *exchange = OPENSSL_zalloc(sizeof(EVP_KEYEXCH));
24
25
0
    if (exchange == NULL)
26
0
        return NULL;
27
28
0
    exchange->lock = CRYPTO_THREAD_lock_new();
29
0
    if (exchange->lock == NULL) {
30
0
        ERR_raise(ERR_LIB_EVP, ERR_R_CRYPTO_LIB);
31
0
        OPENSSL_free(exchange);
32
0
        return NULL;
33
0
    }
34
0
    exchange->prov = prov;
35
0
    ossl_provider_up_ref(prov);
36
0
    exchange->refcnt = 1;
37
38
0
    return exchange;
39
0
}
40
41
static void *evp_keyexch_from_algorithm(int name_id,
42
                                        const OSSL_ALGORITHM *algodef,
43
                                        OSSL_PROVIDER *prov)
44
0
{
45
0
    const OSSL_DISPATCH *fns = algodef->implementation;
46
0
    EVP_KEYEXCH *exchange = NULL;
47
0
    int fncnt = 0, sparamfncnt = 0, gparamfncnt = 0;
48
49
0
    if ((exchange = evp_keyexch_new(prov)) == NULL) {
50
0
        ERR_raise(ERR_LIB_EVP, ERR_R_EVP_LIB);
51
0
        goto err;
52
0
    }
53
54
0
    exchange->name_id = name_id;
55
0
    if ((exchange->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL)
56
0
        goto err;
57
0
    exchange->description = algodef->algorithm_description;
58
59
0
    for (; fns->function_id != 0; fns++) {
60
0
        switch (fns->function_id) {
61
0
        case OSSL_FUNC_KEYEXCH_NEWCTX:
62
0
            if (exchange->newctx != NULL)
63
0
                break;
64
0
            exchange->newctx = OSSL_FUNC_keyexch_newctx(fns);
65
0
            fncnt++;
66
0
            break;
67
0
        case OSSL_FUNC_KEYEXCH_INIT:
68
0
            if (exchange->init != NULL)
69
0
                break;
70
0
            exchange->init = OSSL_FUNC_keyexch_init(fns);
71
0
            fncnt++;
72
0
            break;
73
0
        case OSSL_FUNC_KEYEXCH_SET_PEER:
74
0
            if (exchange->set_peer != NULL)
75
0
                break;
76
0
            exchange->set_peer = OSSL_FUNC_keyexch_set_peer(fns);
77
0
            break;
78
0
        case OSSL_FUNC_KEYEXCH_DERIVE:
79
0
            if (exchange->derive != NULL)
80
0
                break;
81
0
            exchange->derive = OSSL_FUNC_keyexch_derive(fns);
82
0
            fncnt++;
83
0
            break;
84
0
        case OSSL_FUNC_KEYEXCH_FREECTX:
85
0
            if (exchange->freectx != NULL)
86
0
                break;
87
0
            exchange->freectx = OSSL_FUNC_keyexch_freectx(fns);
88
0
            fncnt++;
89
0
            break;
90
0
        case OSSL_FUNC_KEYEXCH_DUPCTX:
91
0
            if (exchange->dupctx != NULL)
92
0
                break;
93
0
            exchange->dupctx = OSSL_FUNC_keyexch_dupctx(fns);
94
0
            break;
95
0
        case OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS:
96
0
            if (exchange->get_ctx_params != NULL)
97
0
                break;
98
0
            exchange->get_ctx_params = OSSL_FUNC_keyexch_get_ctx_params(fns);
99
0
            gparamfncnt++;
100
0
            break;
101
0
        case OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS:
102
0
            if (exchange->gettable_ctx_params != NULL)
103
0
                break;
104
0
            exchange->gettable_ctx_params
105
0
                = OSSL_FUNC_keyexch_gettable_ctx_params(fns);
106
0
            gparamfncnt++;
107
0
            break;
108
0
        case OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS:
109
0
            if (exchange->set_ctx_params != NULL)
110
0
                break;
111
0
            exchange->set_ctx_params = OSSL_FUNC_keyexch_set_ctx_params(fns);
112
0
            sparamfncnt++;
113
0
            break;
114
0
        case OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS:
115
0
            if (exchange->settable_ctx_params != NULL)
116
0
                break;
117
0
            exchange->settable_ctx_params
118
0
                = OSSL_FUNC_keyexch_settable_ctx_params(fns);
119
0
            sparamfncnt++;
120
0
            break;
121
0
        }
122
0
    }
123
0
    if (fncnt != 4
124
0
            || (gparamfncnt != 0 && gparamfncnt != 2)
125
0
            || (sparamfncnt != 0 && sparamfncnt != 2)) {
126
        /*
127
         * In order to be a consistent set of functions we must have at least
128
         * a complete set of "exchange" functions: init, derive, newctx,
129
         * and freectx. The set_ctx_params and settable_ctx_params functions are
130
         * optional, but if one of them is present then the other one must also
131
         * be present. Same goes for get_ctx_params and gettable_ctx_params.
132
         * The dupctx and set_peer functions are optional.
133
         */
134
0
        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
135
0
        goto err;
136
0
    }
137
138
0
    return exchange;
139
140
0
 err:
141
0
    EVP_KEYEXCH_free(exchange);
142
0
    return NULL;
143
0
}
144
145
void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange)
146
0
{
147
0
    int i;
148
149
0
    if (exchange == NULL)
150
0
        return;
151
0
    CRYPTO_DOWN_REF(&exchange->refcnt, &i, exchange->lock);
152
0
    if (i > 0)
153
0
        return;
154
0
    OPENSSL_free(exchange->type_name);
155
0
    ossl_provider_free(exchange->prov);
156
0
    CRYPTO_THREAD_lock_free(exchange->lock);
157
0
    OPENSSL_free(exchange);
158
0
}
159
160
int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange)
161
0
{
162
0
    int ref = 0;
163
164
0
    CRYPTO_UP_REF(&exchange->refcnt, &ref, exchange->lock);
165
0
    return 1;
166
0
}
167
168
OSSL_PROVIDER *EVP_KEYEXCH_get0_provider(const EVP_KEYEXCH *exchange)
169
0
{
170
0
    return exchange->prov;
171
0
}
172
173
EVP_KEYEXCH *EVP_KEYEXCH_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
174
                               const char *properties)
175
0
{
176
0
    return evp_generic_fetch(ctx, OSSL_OP_KEYEXCH, algorithm, properties,
177
0
                             evp_keyexch_from_algorithm,
178
0
                             (int (*)(void *))EVP_KEYEXCH_up_ref,
179
0
                             (void (*)(void *))EVP_KEYEXCH_free);
180
0
}
181
182
EVP_KEYEXCH *evp_keyexch_fetch_from_prov(OSSL_PROVIDER *prov,
183
                                         const char *algorithm,
184
                                         const char *properties)
185
0
{
186
0
    return evp_generic_fetch_from_prov(prov, OSSL_OP_KEYEXCH,
187
0
                                       algorithm, properties,
188
0
                                       evp_keyexch_from_algorithm,
189
0
                                       (int (*)(void *))EVP_KEYEXCH_up_ref,
190
0
                                       (void (*)(void *))EVP_KEYEXCH_free);
191
0
}
192
193
int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
194
0
{
195
0
    return EVP_PKEY_derive_init_ex(ctx, NULL);
196
0
}
197
198
int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
199
0
{
200
0
    int ret;
201
0
    void *provkey = NULL;
202
0
    EVP_KEYEXCH *exchange = NULL;
203
0
    EVP_KEYMGMT *tmp_keymgmt = NULL;
204
0
    const OSSL_PROVIDER *tmp_prov = NULL;
205
0
    const char *supported_exch = NULL;
206
0
    int iter;
207
208
0
    if (ctx == NULL) {
209
0
        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
210
0
        return -2;
211
0
    }
212
213
0
    evp_pkey_ctx_free_old_ops(ctx);
214
0
    ctx->operation = EVP_PKEY_OP_DERIVE;
215
216
0
    ERR_set_mark();
217
218
0
    if (evp_pkey_ctx_is_legacy(ctx))
219
0
        goto legacy;
220
221
    /*
222
     * Some algorithms (e.g. legacy KDFs) don't have a pkey - so we create
223
     * a blank one.
224
     */
225
0
    if (ctx->pkey == NULL) {
226
0
        EVP_PKEY *pkey = EVP_PKEY_new();
227
228
0
        if (pkey == NULL
229
0
            || !EVP_PKEY_set_type_by_keymgmt(pkey, ctx->keymgmt)
230
0
            || (pkey->keydata = evp_keymgmt_newdata(ctx->keymgmt)) == NULL) {
231
0
            ERR_clear_last_mark();
232
0
            EVP_PKEY_free(pkey);
233
0
            ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
234
0
            goto err;
235
0
        }
236
0
        ctx->pkey = pkey;
237
0
    }
238
239
    /*
240
     * Try to derive the supported exch from |ctx->keymgmt|.
241
     */
242
0
    if (!ossl_assert(ctx->pkey->keymgmt == NULL
243
0
                     || ctx->pkey->keymgmt == ctx->keymgmt)) {
244
0
        ERR_clear_last_mark();
245
0
        ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
246
0
        goto err;
247
0
    }
248
0
    supported_exch = evp_keymgmt_util_query_operation_name(ctx->keymgmt,
249
0
                                                           OSSL_OP_KEYEXCH);
250
0
    if (supported_exch == NULL) {
251
0
        ERR_clear_last_mark();
252
0
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
253
0
        goto err;
254
0
    }
255
256
257
    /*
258
     * We perform two iterations:
259
     *
260
     * 1.  Do the normal exchange fetch, using the fetching data given by
261
     *     the EVP_PKEY_CTX.
262
     * 2.  Do the provider specific exchange fetch, from the same provider
263
     *     as |ctx->keymgmt|
264
     *
265
     * We then try to fetch the keymgmt from the same provider as the
266
     * exchange, and try to export |ctx->pkey| to that keymgmt (when
267
     * this keymgmt happens to be the same as |ctx->keymgmt|, the export
268
     * is a no-op, but we call it anyway to not complicate the code even
269
     * more).
270
     * If the export call succeeds (returns a non-NULL provider key pointer),
271
     * we're done and can perform the operation itself.  If not, we perform
272
     * the second iteration, or jump to legacy.
273
     */
274
0
    for (iter = 1, provkey = NULL; iter < 3 && provkey == NULL; iter++) {
275
0
        EVP_KEYMGMT *tmp_keymgmt_tofree = NULL;
276
277
        /*
278
         * If we're on the second iteration, free the results from the first.
279
         * They are NULL on the first iteration, so no need to check what
280
         * iteration we're on.
281
         */
282
0
        EVP_KEYEXCH_free(exchange);
283
0
        EVP_KEYMGMT_free(tmp_keymgmt);
284
285
0
        switch (iter) {
286
0
        case 1:
287
0
            exchange =
288
0
                EVP_KEYEXCH_fetch(ctx->libctx, supported_exch, ctx->propquery);
289
0
            if (exchange != NULL)
290
0
                tmp_prov = EVP_KEYEXCH_get0_provider(exchange);
291
0
            break;
292
0
        case 2:
293
0
            tmp_prov = EVP_KEYMGMT_get0_provider(ctx->keymgmt);
294
0
            exchange =
295
0
                evp_keyexch_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
296
0
                                              supported_exch, ctx->propquery);
297
0
            if (exchange == NULL)
298
0
                goto legacy;
299
0
            break;
300
0
        }
301
0
        if (exchange == NULL)
302
0
            continue;
303
304
        /*
305
         * Ensure that the key is provided, either natively, or as a cached
306
         * export.  We start by fetching the keymgmt with the same name as
307
         * |ctx->keymgmt|, but from the provider of the exchange method, using
308
         * the same property query as when fetching the exchange method.
309
         * With the keymgmt we found (if we did), we try to export |ctx->pkey|
310
         * to it (evp_pkey_export_to_provider() is smart enough to only actually
311
         * export it if |tmp_keymgmt| is different from |ctx->pkey|'s keymgmt)
312
         */
313
0
        tmp_keymgmt_tofree = tmp_keymgmt =
314
0
            evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
315
0
                                        EVP_KEYMGMT_get0_name(ctx->keymgmt),
316
0
                                        ctx->propquery);
317
0
        if (tmp_keymgmt != NULL)
318
0
            provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
319
0
                                                  &tmp_keymgmt, ctx->propquery);
320
0
        if (tmp_keymgmt == NULL)
321
0
            EVP_KEYMGMT_free(tmp_keymgmt_tofree);
322
0
    }
323
324
0
    if (provkey == NULL) {
325
0
        EVP_KEYEXCH_free(exchange);
326
0
        goto legacy;
327
0
    }
328
329
0
    ERR_pop_to_mark();
330
331
    /* No more legacy from here down to legacy: */
332
333
    /* A Coverity false positive with up_ref/down_ref and free */
334
    /* coverity[use_after_free] */
335
0
    ctx->op.kex.exchange = exchange;
336
    /* A Coverity false positive with up_ref/down_ref and free */
337
    /* coverity[deref_arg] */
338
0
    ctx->op.kex.algctx = exchange->newctx(ossl_provider_ctx(exchange->prov));
339
0
    if (ctx->op.kex.algctx == NULL) {
340
        /* The provider key can stay in the cache */
341
0
        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
342
0
        goto err;
343
0
    }
344
0
    ret = exchange->init(ctx->op.kex.algctx, provkey, params);
345
346
0
    EVP_KEYMGMT_free(tmp_keymgmt);
347
0
    return ret ? 1 : 0;
348
0
 err:
349
0
    evp_pkey_ctx_free_old_ops(ctx);
350
0
    ctx->operation = EVP_PKEY_OP_UNDEFINED;
351
0
    EVP_KEYMGMT_free(tmp_keymgmt);
352
0
    return 0;
353
354
0
 legacy:
355
    /*
356
     * If we don't have the full support we need with provided methods,
357
     * let's go see if legacy does.
358
     */
359
0
    ERR_pop_to_mark();
360
361
#ifdef FIPS_MODULE
362
    return 0;
363
#else
364
0
    if (ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
365
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
366
0
        return -2;
367
0
    }
368
369
0
    if (ctx->pmeth->derive_init == NULL)
370
0
        return 1;
371
0
    ret = ctx->pmeth->derive_init(ctx);
372
0
    if (ret <= 0)
373
0
        ctx->operation = EVP_PKEY_OP_UNDEFINED;
374
0
    EVP_KEYMGMT_free(tmp_keymgmt);
375
0
    return ret;
376
0
#endif
377
0
}
378
379
int EVP_PKEY_derive_set_peer_ex(EVP_PKEY_CTX *ctx, EVP_PKEY *peer,
380
                                int validate_peer)
381
0
{
382
0
    int ret = 0, check;
383
0
    void *provkey = NULL;
384
0
    EVP_PKEY_CTX *check_ctx = NULL;
385
0
    EVP_KEYMGMT *tmp_keymgmt = NULL, *tmp_keymgmt_tofree = NULL;
386
387
0
    if (ctx == NULL) {
388
0
        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
389
0
        return -1;
390
0
    }
391
392
0
    if (!EVP_PKEY_CTX_IS_DERIVE_OP(ctx) || ctx->op.kex.algctx == NULL)
393
0
        goto legacy;
394
395
0
    if (ctx->op.kex.exchange->set_peer == NULL) {
396
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
397
0
        return -2;
398
0
    }
399
400
0
    if (validate_peer) {
401
0
        check_ctx = EVP_PKEY_CTX_new_from_pkey(ctx->libctx, peer, ctx->propquery);
402
0
        if (check_ctx == NULL)
403
0
            return -1;
404
0
        check = EVP_PKEY_public_check(check_ctx);
405
0
        EVP_PKEY_CTX_free(check_ctx);
406
0
        if (check <= 0)
407
0
            return -1;
408
0
    }
409
410
    /*
411
     * Ensure that the |peer| is provided, either natively, or as a cached
412
     * export.  We start by fetching the keymgmt with the same name as
413
     * |ctx->keymgmt|, but from the provider of the exchange method, using
414
     * the same property query as when fetching the exchange method.
415
     * With the keymgmt we found (if we did), we try to export |peer|
416
     * to it (evp_pkey_export_to_provider() is smart enough to only actually
417
     * export it if |tmp_keymgmt| is different from |peer|'s keymgmt)
418
     */
419
0
    tmp_keymgmt_tofree = tmp_keymgmt =
420
0
        evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)
421
0
                                    EVP_KEYEXCH_get0_provider(ctx->op.kex.exchange),
422
0
                                    EVP_KEYMGMT_get0_name(ctx->keymgmt),
423
0
                                    ctx->propquery);
424
0
    if (tmp_keymgmt != NULL)
425
        /* A Coverity issue with up_ref/down_ref and free */
426
        /* coverity[pass_freed_arg] */
427
0
        provkey = evp_pkey_export_to_provider(peer, ctx->libctx,
428
0
                                              &tmp_keymgmt, ctx->propquery);
429
0
    EVP_KEYMGMT_free(tmp_keymgmt_tofree);
430
431
    /*
432
     * If making the key provided wasn't possible, legacy may be able to pick
433
     * it up
434
     */
435
0
    if (provkey == NULL)
436
0
        goto legacy;
437
0
    return ctx->op.kex.exchange->set_peer(ctx->op.kex.algctx, provkey);
438
439
0
 legacy:
440
#ifdef FIPS_MODULE
441
    return ret;
442
#else
443
0
    if (ctx->pmeth == NULL
444
0
        || !(ctx->pmeth->derive != NULL
445
0
             || ctx->pmeth->encrypt != NULL
446
0
             || ctx->pmeth->decrypt != NULL)
447
0
        || ctx->pmeth->ctrl == NULL) {
448
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
449
0
        return -2;
450
0
    }
451
0
    if (ctx->operation != EVP_PKEY_OP_DERIVE
452
0
        && ctx->operation != EVP_PKEY_OP_ENCRYPT
453
0
        && ctx->operation != EVP_PKEY_OP_DECRYPT) {
454
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
455
0
        return -1;
456
0
    }
457
458
0
    ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);
459
460
0
    if (ret <= 0)
461
0
        return ret;
462
463
0
    if (ret == 2)
464
0
        return 1;
465
466
0
    if (ctx->pkey == NULL) {
467
0
        ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
468
0
        return -1;
469
0
    }
470
471
0
    if (ctx->pkey->type != peer->type) {
472
0
        ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_KEY_TYPES);
473
0
        return -1;
474
0
    }
475
476
    /*
477
     * For clarity.  The error is if parameters in peer are
478
     * present (!missing) but don't match.  EVP_PKEY_parameters_eq may return
479
     * 1 (match), 0 (don't match) and -2 (comparison is not defined).  -1
480
     * (different key types) is impossible here because it is checked earlier.
481
     * -2 is OK for us here, as well as 1, so we can check for 0 only.
482
     */
483
0
    if (!EVP_PKEY_missing_parameters(peer) &&
484
0
        !EVP_PKEY_parameters_eq(ctx->pkey, peer)) {
485
0
        ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_PARAMETERS);
486
0
        return -1;
487
0
    }
488
489
0
    EVP_PKEY_free(ctx->peerkey);
490
0
    ctx->peerkey = peer;
491
492
0
    ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
493
494
0
    if (ret <= 0) {
495
0
        ctx->peerkey = NULL;
496
0
        return ret;
497
0
    }
498
499
0
    EVP_PKEY_up_ref(peer);
500
0
    return 1;
501
0
#endif
502
0
}
503
504
int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
505
0
{
506
0
    return EVP_PKEY_derive_set_peer_ex(ctx, peer, 1);
507
0
}
508
509
int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
510
0
{
511
0
    int ret;
512
513
0
    if (ctx == NULL || pkeylen == NULL) {
514
0
        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
515
0
        return -1;
516
0
    }
517
518
0
    if (!EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
519
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
520
0
        return -1;
521
0
    }
522
523
0
    if (ctx->op.kex.algctx == NULL)
524
0
        goto legacy;
525
526
0
    ret = ctx->op.kex.exchange->derive(ctx->op.kex.algctx, key, pkeylen,
527
0
                                       key != NULL ? *pkeylen : 0);
528
529
0
    return ret;
530
0
 legacy:
531
0
    if (ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
532
0
        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
533
0
        return -2;
534
0
    }
535
536
0
    M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)
537
0
        return ctx->pmeth->derive(ctx, key, pkeylen);
538
0
}
539
540
int evp_keyexch_get_number(const EVP_KEYEXCH *keyexch)
541
0
{
542
0
    return keyexch->name_id;
543
0
}
544
545
const char *EVP_KEYEXCH_get0_name(const EVP_KEYEXCH *keyexch)
546
0
{
547
0
    return keyexch->type_name;
548
0
}
549
550
const char *EVP_KEYEXCH_get0_description(const EVP_KEYEXCH *keyexch)
551
0
{
552
0
    return keyexch->description;
553
0
}
554
555
int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *keyexch, const char *name)
556
0
{
557
0
    return keyexch != NULL
558
0
           && evp_is_a(keyexch->prov, keyexch->name_id, NULL, name);
559
0
}
560
561
void EVP_KEYEXCH_do_all_provided(OSSL_LIB_CTX *libctx,
562
                                 void (*fn)(EVP_KEYEXCH *keyexch, void *arg),
563
                                 void *arg)
564
0
{
565
0
    evp_generic_do_all(libctx, OSSL_OP_KEYEXCH,
566
0
                       (void (*)(void *, void *))fn, arg,
567
0
                       evp_keyexch_from_algorithm,
568
0
                       (int (*)(void *))EVP_KEYEXCH_up_ref,
569
0
                       (void (*)(void *))EVP_KEYEXCH_free);
570
0
}
571
572
int EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *keyexch,
573
                             void (*fn)(const char *name, void *data),
574
                             void *data)
575
0
{
576
0
    if (keyexch->prov != NULL)
577
0
        return evp_names_do_all(keyexch->prov, keyexch->name_id, fn, data);
578
579
0
    return 1;
580
0
}
581
582
const OSSL_PARAM *EVP_KEYEXCH_gettable_ctx_params(const EVP_KEYEXCH *keyexch)
583
0
{
584
0
    void *provctx;
585
586
0
    if (keyexch == NULL || keyexch->gettable_ctx_params == NULL)
587
0
        return NULL;
588
589
0
    provctx = ossl_provider_ctx(EVP_KEYEXCH_get0_provider(keyexch));
590
0
    return keyexch->gettable_ctx_params(NULL, provctx);
591
0
}
592
593
const OSSL_PARAM *EVP_KEYEXCH_settable_ctx_params(const EVP_KEYEXCH *keyexch)
594
0
{
595
0
    void *provctx;
596
597
0
    if (keyexch == NULL || keyexch->settable_ctx_params == NULL)
598
0
        return NULL;
599
0
    provctx = ossl_provider_ctx(EVP_KEYEXCH_get0_provider(keyexch));
600
0
    return keyexch->settable_ctx_params(NULL, provctx);
601
0
}